//
//package com.frontend.gateway.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.convert.converter.Converter;
//import org.springframework.security.authentication.AbstractAuthenticationToken;
//import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
//import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
//import org.springframework.security.config.web.server.ServerHttpSecurity;
//import org.springframework.security.core.GrantedAuthority;
//import org.springframework.security.core.authority.SimpleGrantedAuthority;
//import org.springframework.security.oauth2.jwt.Jwt;
//import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
//import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
//import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
//import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
//import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
//import org.springframework.security.web.server.SecurityWebFilterChain;
//import org.springframework.security.web.server.authorization.AuthorizationWebFilter;
//import reactor.core.publisher.Mono;
//
//import javax.crypto.spec.SecretKeySpec;
//import java.nio.charset.StandardCharsets;
//import java.util.Collection;
//import java.util.Collections;
//import java.util.List;
//import java.util.stream.Collectors;
//
//@Configuration
//@EnableWebFluxSecurity
//@EnableReactiveMethodSecurity
//public class ResourceServerConfig {
//
//    @Bean
//    public SecurityWebFilterChain resourceServerSecurityFilterChain(ServerHttpSecurity http) {
//        http
//                .securityMatcher("/api/**") // 只对/api路径应用资源服务器配置
//                .authorizeExchange(exchanges -> exchanges
//                        .anyExchange().authenticated()
//                )
//                .oauth2ResourceServer(oauth2 -> oauth2
//                        .jwt(jwt -> jwt
//                                .jwtDecoder(reactiveJwtDecoder())
//                                .jwtAuthenticationConverter(jwtAuthenticationConverter())
//                        )
//                );
//
//        return http.build();
//    }
//
//    @Bean
//    public ReactiveJwtDecoder reactiveJwtDecoder() {
//        SecretKeySpec secretKeySpec = new SecretKeySpec(
//                "my-secret-key-12345".getBytes(StandardCharsets.UTF_8),
//                "HMACSHA256"
//        );
//
//        return NimbusReactiveJwtDecoder.withSecretKey(secretKeySpec)
//                .macAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm.HS256)
//                .build();
//    }
//
//    @Bean
//    public Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter() {
//        return new ReactiveJwtAuthenticationConverterAdapter(new Converter<Jwt, AbstractAuthenticationToken>() {
//            @Override
//            public AbstractAuthenticationToken convert(Jwt jwt) {
//                Collection<GrantedAuthority> authorities = extractAuthorities(jwt);
//                String username = extractUsername(jwt);
//                return new JwtAuthenticationToken(jwt, authorities, username);
//            }
//
//            private String extractUsername(Jwt jwt) {
//                String username = jwt.getClaimAsString("user_name");
//                if (username != null && !username.isEmpty()) {
//                    return username;
//                }
//
//                username = jwt.getClaimAsString("preferred_username");
//                if (username != null && !username.isEmpty()) {
//                    return username;
//                }
//
//                return jwt.getSubject();
//            }
//
//            private Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
//                List<String> authorities = jwt.getClaimAsStringList("authorities");
//                if (authorities != null && !authorities.isEmpty()) {
//                    return authorities.stream()
//                            .map(auth -> new SimpleGrantedAuthority("ROLE_" + auth))
//                            .collect(Collectors.toList());
//                }
//
//                List<String> scopes = jwt.getClaimAsStringList("scope");
//                if (scopes != null && !scopes.isEmpty()) {
//                    return scopes.stream()
//                            .map(scope -> new SimpleGrantedAuthority("SCOPE_" + scope))
//                            .collect(Collectors.toList());
//                }
//
//                return Collections.emptyList();
//            }
//        });
//    }
//}